PasswordReset

From Request Tracker Wiki
Jump to navigation Jump to search

Offer Password Reset on Login Page

The code below was adapted from http://www.uio.no/tjenester/it/applikasjoner/rt/utvikling-drift/modifications/index.html#toc9

I installed from Debian apt-get packages and the "local" directory is found at: /usr/local/share/request-tracker3.8 while the real source directory is at: /usr/share/request-tracker3.8

So, to hook into the Callback offered in the Login form called "AfterForm", I had to create the directory: /usr/local/share/request-tracker3.8/html/Callbacks/Default/Elements/Login and in there put a file called "AfterForm" The content of that file is:

%# taken from http://www2.usit.uio.no/it/rt/modifications/

       %# Add template named 'Password Change', with description
       %#
       %#   Automatically generate password for external users who have forgotten their password
       %#
       <div style="margin: -20px auto 10px auto; text-align: center;">
        &lt;b&gt;Forgot Your Password?&lt;/b&gt;

        &lt;div style="color: green; font-weight: bold;"&gt;&lt;%$forgotSuccess%&gt;&lt;/div&gt;

        &lt;form method="get" style="display: &lt;%$forgotFormDisplay%&gt;;"
        <!-- if you are using RT4, you need this: -->
         action="NoAuth/Login.html"
        <!-- end for RT4 -->
        &gt;

        <!-- if you are using RT4, you need this next line -->
         <input type="hidden" name="next" value="<%$next%>" />
        <!-- END LINE FOR rt4 -->

    % if($forgotFail) {
    &lt;div class="error" style="text-align: left;"&gt;
        &lt;div class="titlebox error"&gt;
            &lt;div class="titlebox-title"&gt;
                &lt;span class="left"&gt;Error&lt;/span&gt;&lt;span class="right-empty"&gt; &lt;/span&gt;
            &lt;/div&gt;
            &lt;div class="titlebox-content"&gt;
                &lt;%$forgotFail%&gt;&lt;hr class="clear" /&gt;
            &lt;/div&gt;
        &lt;/div&gt;
    &lt;/div&gt;
    % }
            &lt;%$forgotPrompt%&gt; &lt;input type="text" name="email"&gt; &lt;input type="submit" value='Send New Password'&gt;
        &lt;/form&gt;
    &lt;/div&gt;


    &lt;%INIT&gt;
    my $forgotPrompt = "Enter your email address: ";
    my $forgotFail = '';
    my $forgotFormDisplay = 'block';
    my $forgotSuccess = '';

    my $mailfrom = 'Ticket System &lt;YOU@YOURDOMAIN&gt;';

    if ($email)
    {
        $email =~ s/^\s+|\s+$//g;
        my $UserObj = RT::User-&gt;new($RT::SystemUser);
        $UserObj-&gt;LoadByEmail($email);

        if (defined($UserObj-&gt;Id))
        {
            my ($val, $str) = ResetPassword($UserObj, $mailfrom);
            if($val &gt; 0)
            {
                $forgotFormDisplay = 'none';
                $forgotSuccess = $str;
            }
            else
            {
                $forgotFail = $str;
            }
        }
        else
        {
            $forgotFail = "Sorry, no account in the ticket system has the email address: $email";
            $forgotPrompt = "Please enter the email used in one of your existing tickets:";
        }
    }

    sub ResetPassword {
        my $self = shift;
        my $mailfrom = shift;

        my $email = $self-&gt;EmailAddress;

        unless ( $self-&gt;CurrentUserCanModify('Password') ) {
            return ( 0, $self-&gt;loc("You don't have permission to change your password.") );
        }

        unless ( ($self-&gt;Name =~ m/\@/) ) {
            return ( 0, $self-&gt;loc("Only external users can reset their passwords this way.") );
        }

        my ( $status, $pass ) = $self-&gt;SetRandomPassword();

        unless ($status) {
            return ( 0, "$pass" );
        }

        my $template = RT::Template-&gt;new( $self-&gt;CurrentUser );

        my $parsed;
        # This test do not work.  I'm not sure how to detect if the template loading failed [pere 2006-08-16]
        if ($template-&gt;LoadGlobalTemplate('PasswordChange')) {
            $T::RealName = $self-&gt;RealName;
            $T::Username = $self-&gt;Name;
            $T::Password = $pass;
            $parsed = $template-&gt;_ParseContent();
        }
        else
        {

    # hardcoded default text body in case 'Password Change' template is missing.

            $parsed = &lt;&lt;EOF;

    Greetings,

    This message was automatically sent in response to a Reset Password request in
    the web based ticket system.

    You may now login using the following:

            Username: $self-&gt;Name
            Password: $pass

    Support Team

    EOF
        }
        my $entity = MIME::Entity-&gt;build(
                                          From    =&gt; $mailfrom,
                                          To      =&gt; $email,
                                          Subject =&gt; loc("CF Ticket Password Changed"),
                                          'X-RT-Loop-Prevention' =&gt; $RT::rtname,
                                          Type    =&gt; "text/plain",
                                          Charset =&gt; "UTF-8",
                                          Data    =&gt; [$parsed]
                                        );
        open (MAIL, "|$RT::SendmailPath $RT::SendmailArguments -t") || return(0, "Failed to open mailpipe");
        print MAIL $entity-&gt;as_string;
        close(MAIL);

        return (1, "SUCCESS! A new password was sent to your email address.");
    }
    &lt;/%INIT&gt;

    &lt;%ARGS&gt;
    $email =&gt; undef
  1. if you are using RT4, you need this next line:
       $next => undef
 # end for RT4
       </%ARGS>
    </nowiki>

For RT4.0.6 (maybe earlier?)

We had to do a few changes to make it work under RT4.0.6, we hope the following will make it easier for others.

First, for non Debian distrbutions the file AfterForm should be created under [RT4 base dir]/local/html/Callbacks/Default/Elements/Login/

Copy pasting the code from here will break things, so make sure you do the following after you pasted it into the file:

Merge the following lines, as keeping it this way will break the HTML code, just remove the comments and put it all on one line (lines ~12-16):

<

form method="get" style="display: <%$forgotFormDisplay%>;"

           action="NoAuth/Login.html"
          >

To:

<

form method="get" style="display: <%$forgotFormDisplay%>;" action="NoAuth/Login.html">

Next, SetRandomPassword function when invoked change the password, but won't include it in the email sent to the user. Change the function to ResetPassword (line ~83):

my ( $status, $pass ) = $self->SetRandomPassword();

To:

my ( $status, $pass ) = $self->ResetPassword();

Last thing, make sure the closing "EOF" (line ~120) is at the start of a line by itself, else it will die with an error.